fix: remove pull target (#2107)

Signed-off-by: matttrach <matt.trachier@suse.com>
Co-authored-by: Matt Trachier <matt.trachier@suse.com>

Author: github-actions[bot]

.github/pull_request_template.md

@@ -1,8 +1,8 @@
 <!--- If there is no user issue related to this then you should remove the next line --->
 Addresses #
 
-<!--- Add labels (eg. release/v13) for each release branch to target --->
-<!--- Labels need to be added before PR is created for automation to run smoothly! --->
+<!--- Add labels (eg. release/v14) for each release branch to target --->
+<!--- Please don't manually add "internal" labels, those are for automation only --->
 
 ## Description
 

.github/workflows/backport-merge-label.yml

@@ -0,0 +1,28 @@
+name: Backport Merge Label
+
+on:
+  pull_request:
+    types: [closed]
+    branches: 
+      - 'release/*'
+
+jobs:
+  label:
+    if: ${{ github.event.pull_request.merged == true }}
+    permissions:
+      contents: read
+      issues: write
+    runs-on: ubuntu-latest
+    steps:
+      - name: 'Checkout Repository'
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 https://github.com/actions/checkout
+        with:
+          fetch-depth: 0
+          ref: 'main'
+      - name: 'Find and Label Related Issue'
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 https://github.com/actions/github-script
+        with:
+          script: |
+            const scriptPath = `${process.env.GITHUB_WORKSPACE}/.github/workflows/scripts/merge-label.js`;
+            const { default: script } = await import(scriptPath);
+            await script({github, context, core});

.github/workflows/backport-pr-manual.yml

@@ -43,9 +43,10 @@ jobs:
               core.setFailed(`Failed to retrieve PRs associated with commit ${mergeCommitSha}: ${error.message}`);
             }
       - name: 'Checkout Repository'
-        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 https://github.com/actions/checkout
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 https://github.com/actions/checkout
         with:
           fetch-depth: 0
+          ref: 'main'
       - name: 'Find Issues and Create Cherry-Pick PRs'
         uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 https://github.com/actions/github-script
         env:

.github/workflows/backport-prs.yml

@@ -43,9 +43,10 @@ jobs:
             // set output for next steps
             core.setOutput('merge_commit_sha', mergeCommitSha);
       - name: 'Checkout Repository'
-        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 https://github.com/actions/checkout
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 https://github.com/actions/checkout
         with:
           fetch-depth: 0
+          ref: 'main'
       - name: 'Find Issues and Create Cherry-Pick PRs'
         uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 https://github.com/actions/github-script
         env:

.github/workflows/fossa.yml

@@ -2,7 +2,7 @@ name: FOSSA Scanning
 
 on:
   push:
-    branches: ["main", "master", "release/**"]
+    branches: ["main", "release/**"]
   workflow_dispatch:
 
 permissions:
@@ -14,21 +14,20 @@ jobs:
     runs-on: ubuntu-latest
     timeout-minutes: 30
     steps:
-    - name: Checkout
-      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6
+      - name: Checkout
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 https://github.com/actions/checkout
 
-    # The FOSSA token is shared between all repos in Rancher's GH org. It can be
-    # used directly and there is no need to request specific access to EIO.
-    - name: Read FOSSA token
-      uses: rancher-eio/read-vault-secrets@main
-      with:
-        secrets: |
-          secret/data/github/org/rancher/fossa/push token | FOSSA_API_KEY_PUSH_ONLY
+      # The FOSSA token is shared between all repos in Rancher's GH org. It can be
+      # used directly and there is no need to request specific access to EIO.
+      - name: Read FOSSA token
+        uses: rancher-eio/read-vault-secrets@main
+        with:
+          secrets: |
+            secret/data/github/org/rancher/fossa/push token | FOSSA_API_KEY_PUSH_ONLY
 
-    - name: FOSSA scan
-      uses: fossas/fossa-action@main
-      with:
-        api-key: ${{ env.FOSSA_API_KEY_PUSH_ONLY }}
-        # Only runs the scan and do not provide/returns any results back to the
-        # pipeline.
-        run-tests: false
+      - name: FOSSA scan
+        uses: fossas/fossa-action@main
+        with:
+          api-key: ${{ env.FOSSA_API_KEY_PUSH_ONLY }}
+          # Only run the scan and don't provide/return any results back to the pipeline.
+          run-tests: false

.github/workflows/manual-rc-release.yml

@@ -40,7 +40,7 @@ jobs:
             echo "Tag doesn't contain 'rc', please use the manual-release workflow"
             exit 1
           fi
-      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 https://github.com/actions/checkout
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 https://github.com/actions/checkout
         with:
           fetch-depth: 0
       - name: Create and Push RC Tag with Git
@@ -58,7 +58,7 @@ jobs:
           fi
           git push origin "$TAG"
       - name: Check out new tag into a new directory
-        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 https://github.com/actions/checkout
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 https://github.com/actions/checkout
         with:
           ref: ${{ inputs.tag }}
           path: ${{ github.workspace }}/tags/${{ inputs.tag }}
@@ -108,7 +108,7 @@ jobs:
 
           echo "Importing gpg key"
           echo "${GPG_KEY}" | gpg --import --batch > /dev/null || { echo "Failed to import GPG key"; exit 1; }
-      - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 https://github.com/actions/setup-go
+      - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 https://github.com/actions/setup-go
         with:
           go-version-file: ${{ github.workspace }}/tags/${{ inputs.tag }}/go.mod
           cache-dependency-path: ${{ github.workspace }}/tags/${{ inputs.tag }}/go.sum
@@ -127,10 +127,8 @@ jobs:
         env:
           TAG: ${{ inputs.tag }}
           BRANCH: ${{ inputs.branch }}
-          OWNER: ${{ github.repository_owner }}
-          REPO: ${{ github.event.repository.name }}
         with:
           script: |
             const scriptPath = `${{ github.workspace }}/.github/workflows/scripts/rc-notify.js`;
             const { default: script } = await import(scriptPath);
-            await script({github, process});
+            await script({github, context, core, process});

.github/workflows/manual-release.yml

@@ -33,7 +33,7 @@ jobs:
             echo "Tag contains 'rc', please use the manual-rc-release workflow"
             exit 1
           fi
-      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 https://github.com/actions/checkout
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 https://github.com/actions/checkout
         with:
           fetch-depth: 0
       - name: Create and Push Tag with Git
@@ -51,7 +51,7 @@ jobs:
           fi
           git push origin "$TAG"
       - name: Check out new tag into a new directory
-        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 https://github.com/actions/checkout
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 https://github.com/actions/checkout
         with:
           ref: ${{ inputs.tag }}
           path: ${{ github.workspace }}/tags/${{ inputs.tag }}
@@ -101,7 +101,7 @@ jobs:
 
           echo "Importing gpg key"
           echo "${GPG_KEY}" | gpg --import --batch > /dev/null || { echo "Failed to import GPG key"; exit 1; }
-      - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 https://github.com/actions/setup-go
+      - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 https://github.com/actions/setup-go
         with:
           go-version-file: ${{ github.workspace }}/tags/${{ inputs.tag }}/go.mod
           cache-dependency-path: ${{ github.workspace }}/tags/${{ inputs.tag }}/go.sum

.github/workflows/pull_request.yaml

@@ -11,7 +11,7 @@ jobs:
   build:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 https://github.com/actions/checkout
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 https://github.com/actions/checkout
       - name: build binaries
         env:
           CROSS: 1
@@ -21,7 +21,7 @@ jobs:
   test:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 https://github.com/actions/checkout
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 https://github.com/actions/checkout
         with:
           fetch-depth: 0
       - name: install-nix
@@ -38,7 +38,7 @@ jobs:
     name: 'Terraform'
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 https://github.com/actions/checkout
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 https://github.com/actions/checkout
         with:
           fetch-depth: 0
       - name: install-nix
@@ -57,7 +57,7 @@ jobs:
     name: 'Lint Workflows'
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 https://github.com/actions/checkout
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 https://github.com/actions/checkout
         with:
           fetch-depth: 0
       - name: install-nix
@@ -74,7 +74,7 @@ jobs:
     name: 'Node Check'
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 https://github.com/actions/checkout
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 https://github.com/actions/checkout
         with:
           fetch-depth: 0
       - name: install-nix
@@ -95,7 +95,7 @@ jobs:
     name: 'ESLint'
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 https://github.com/actions/checkout
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 https://github.com/actions/checkout
         with:
           fetch-depth: 0
       - name: install-nix
@@ -113,7 +113,7 @@ jobs:
   shellcheck:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 https://github.com/actions/checkout
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 https://github.com/actions/checkout
         with:
           fetch-depth: 0
       - name: install-nix
@@ -133,9 +133,9 @@ jobs:
   validate-commit-message:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 https://github.com/actions/checkout
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 https://github.com/actions/checkout
         with:
-          fetch-depth: 0 # fetch all history so that we can validate the commit messages
+          fetch-depth: 0
       - name: install-nix
         run: |
           curl -L https://nixos.org/nix/install | sh
@@ -160,7 +160,7 @@ jobs:
               cat <<EOF
           ...Commit message does not start with the required prefix.
           Please use one of the following prefixes: "fix:", "feature:", "feat:", "refactor!:", "feature!:", or "feat!:".
-          This enables release-please to automatically determine the type of release (major, minor, patch) based on the commit message.
+          This enables release-please to automatically format release notes based on the commit message.
           $message
           EOF
               exit 1
@@ -180,11 +180,11 @@ jobs:
           length_check() {
             message="$1"
             length="$(wc -m <<<"$message")"
-            if [ $length -gt 50 ]; then
-              echo "...Commit message subject line should be less than 50 characters, found $length."
+            if [ $length -gt 100 ]; then
+              echo "...Commit message subject line should be less than 100 characters, found $length."
               exit 1
             else
-              echo "...Commit message subject line is less than 50 characters."
+              echo "...Commit message subject line is less than 100 characters."
             fi
           }
           spell_check() {
@@ -193,6 +193,7 @@ jobs:
             if [ "" != "$WORDS" ]; then
               echo "...Commit message contains spelling errors on: ^$WORDS\$"
               echo "...Also try updating the PR title."
+              echo "...If this is a mistake, add your word to the aspell_custom.txt file, it is case insensitive."
               exit 1
             else
               echo "...Commit message doesnt contain spelling errors."
@@ -218,7 +219,7 @@ jobs:
     name: 'Scan for Secrets'
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 https://github.com/actions/checkout
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 https://github.com/actions/checkout
         with:
           fetch-depth: 0
       - name: install-nix

.github/workflows/rc-notifications.yml

@@ -12,13 +12,14 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: 'Checkout Repository'
-        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 https://github.com/actions/checkout
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 https://github.com/actions/checkout
         with:
           fetch-depth: 0
+          ref: 'main'
       - name: 'Find Issues and Create Comments'
         uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 https://github.com/actions/github-script
         with:
           script: |
             const scriptPath = `${process.env.GITHUB_WORKSPACE}/.github/workflows/scripts/rc-notify.js`;
             const { default: script } = await import(scriptPath);
-            await script({github, context});
+            await script({github, context, core, process});

.github/workflows/release.yml

@@ -35,7 +35,7 @@ jobs:
       release_pr: ${{ steps.release-please.outputs.pr }}
       release_version: ${{ steps.release-please.outputs.version }}
     steps:
-      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 https://github.com/actions/checkout
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 https://github.com/actions/checkout
         with:
           fetch-depth: 0
       - uses: googleapis/release-please-action@c2a5a2bd6a758a0937f1ddb1e8950609867ed15c # v4.3.0 https://github.com/googleapis/release-please-action/commits/main/
@@ -82,7 +82,7 @@ jobs:
         attempts: [1,2,3] # I want to have jobs specifically in place to retry or cancel a test based on IP collisions
         test_name: ${{ fromJSON(needs.setup.outputs.tests) }}
     steps:
-      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 https://github.com/actions/checkout
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 https://github.com/actions/checkout
         with:
           fetch-depth: 0
       - name: 'Clear out GitHub Runner'
@@ -155,7 +155,7 @@ jobs:
           name: lock-${{ matrix.test_name }}-${{ strategy.job-index }}
           path: /dev/null
           retention-days: 1
-      - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 https://github.com/actions/setup-go
+      - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 https://github.com/actions/setup-go
         if: (steps.check-lock.outputs.status == 'clean' && steps.check-ip.outputs.status == 'clean') || strategy.job-index == 0
         with:
           go-version-file: 'go.mod'
@@ -206,7 +206,7 @@ jobs:
     if: always() && needs.release.outputs.release_pr
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 https://github.com/actions/checkout
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 https://github.com/actions/checkout
         with:
           token: ${{secrets.GITHUB_TOKEN}}
           fetch-depth: 0
@@ -233,7 +233,7 @@ jobs:
     if: always() && needs.release.outputs.release_pr
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 https://github.com/actions/checkout
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 https://github.com/actions/checkout
         with:
           token: ${{secrets.GITHUB_TOKEN}}
           fetch-depth: 0
@@ -326,7 +326,7 @@ jobs:
     steps:
       # If the e2e tests pass we automatically generate an RC release
       #   this shouldn't happen when the release PR is merged, only when it's opened or updated
-      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 https://github.com/actions/checkout
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 https://github.com/actions/checkout
         with:
           fetch-depth: 0
       - name: Create and Push RC Tag with Git
@@ -407,13 +407,11 @@ jobs:
         env:
           TAG: ${{ env.RC_TAG }}
           BRANCH: ${{ env.RC_BRANCH }}
-          OWNER: ${{ github.repository_owner }}
-          REPO: ${{ github.event.repository.name }}
         with:
           script: |
             const scriptPath = `${{ github.workspace }}/.github/workflows/scripts/rc-notify.js`;
             const { default: script } = await import(scriptPath);
-            await script({github, process});
+            await script({github, context, core, process});
 
   # This runs after release-please generates a release, so when the release PR is merged
   publish:
@@ -428,10 +426,10 @@ jobs:
     if: always() && needs.release.outputs.release_version
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 https://github.com/actions/checkout
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 https://github.com/actions/checkout
         with:
           fetch-depth: 0
-      - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 https://github.com/actions/setup-go
+      - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 https://github.com/actions/setup-go
         with:
           go-version-file: 'go.mod'
           cache: true